Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/05/2024, 12:35
Static task: static1
Behavioral task: behavioral1
  Sample: bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2 (the run this report covers; its resource matches the platform above)
  Sample: bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe
Size: 2.7MB
MD5: bcfe017487a3154741fbc7a0ec51ed90
SHA1: aaf0251dd2834c2f35e87471b48d2a5722afd215
SHA256: ba2bcdb7f7a07905a9be4c223eba6477ef2de779d47859a95299c844c66625f2
SHA512: ffee900f4c741221ae6cef5a8672fc20bf63e2599db2eaf82db25dfdc58b6f9a135c668da2e952b1e9df926b48f6328c97f897c55b5f343d90c8fd07d161cd7c
SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBw9w4Sx:+R0pI/IQlUoMPdmpSpi4
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  PID   Process
  4352  xbodloc.exe
Adds Run key to start application (2 TTPs, 2 IoCs)
  Set value (str)  \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDotT1\\xbodloc.exe"
                   written by bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\GalaxT7\\optialoc.exe"
                   written by bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe
  Both values are written by the original sample into the current user's hive (the SID-keyed key under \REGISTRY\USER is the HKCU view), both under the same value name "Parametr", and both point at executables dropped into non-standard directories directly under C:\. The Run entry relaunches xbodloc.exe at every logon of that user; the RunOnce entry runs C:\GalaxT7\optialoc.exe once at the next logon and is then deleted. optialoc.exe does not appear in the process list of this run, so only xbodloc.exe was observed executing here.
Suspicious behavior: EnumeratesProcesses (64 IoCs)
  PID   Process                                                Entries
  876   bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe    34
  4352  xbodloc.exe                                            30
  The report records the 64 hits individually; after the first four from PID 876 they alternate in pairs between the two processes, i.e. both the original sample and the dropped xbodloc.exe enumerate the process list repeatedly for the duration of the run.
Suspicious use of WriteProcessMemory (3 IoCs)
  Description                       PID   Process                                                procid_target
  PID 876 wrote to memory of 4352   876   bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe    89
  (the same entry is recorded three times)
  All three writes are from the sample into the child it has just started (xbodloc.exe, PID 4352). A parent also writes into a freshly created child's address space during ordinary process creation, when it copies the process parameters into the new process, so this signature on its own does not establish code injection; no remote-thread or section-mapping indicator is reported for this run.
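As an added example, not part of the tria.ge report and not code from the sample, the following Python turns the "Adds Run key to start application" signature above into a reusable check: it parses "Set value" lines in the report's format, normalizes the kernel-style \REGISTRY\ prefix to HKLM/HKU, pulls the executable path out of the value data (the report doubles backslashes inside the quoted value), and flags writes to Run/RunOnce-style keys whose target lives outside an allow-list of install directories. The sample events are constructed to mirror the two IoCs above plus one made-up benign OneDrive entry; the autorun-key list and the allow-list (TRUSTED_DIRS) are assumptions for illustration, not a complete Windows inventory.

```python
"""Flag autorun registry writes in sandbox 'Set value' events.

Added example, not part of the tria.ge report. It parses lines in the
format of the report's 'Adds Run key to start application' IoCs and flags
writes to Run/RunOnce-style keys whose target executable lives outside
the usual program directories (an assumed allow-list, not a Windows rule).
"""
import re
from typing import List, NamedTuple, Optional

# Constructed sample events. The first two mirror the report's IoCs; the
# third is a made-up benign entry so the allow-list has something to pass.
SAMPLE_EVENTS = r'''
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDotT1\\xbodloc.exe" bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\GalaxT7\\optialoc.exe" bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive = "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background" setup.exe
'''

# One event per line: Set value (<type>) <key>\<name> = "<data>" <writing process>
EVENT_RE = re.compile(
    r'^Set value \((?P<type>\w+)\) (?P<key>\\REGISTRY\\\S+?)\\(?P<name>[^\\ ]+)'
    r' = "(?P<data>.*)" (?P<proc>\S+)$'
)
# First executable-looking path in the value data, with or without surrounding quotes.
TARGET_RE = re.compile(
    r'^"?([A-Za-z]:\\.*?\.(?:exe|dll|scr|bat|cmd|vbs|js|ps1))(?:"|\s|$)', re.IGNORECASE
)

# Autorun locations checked here (assumed subset; the same logic extends to others).
AUTORUN_SUFFIXES = (
    "\\software\\microsoft\\windows\\currentversion\\run",
    "\\software\\microsoft\\windows\\currentversion\\runonce",
    "\\software\\microsoft\\windows\\currentversion\\runonceex",
    "\\software\\microsoft\\windows\\currentversion\\policies\\explorer\\run",
)
# Assumed allow-list of install roots; anything else (C:\UserDotT1, %APPDATA%, ...) is flagged.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


class Finding(NamedTuple):
    key: str         # registry key, hive normalized to HKLM/HKU
    value_name: str  # value written, e.g. "Parametr"
    target: str      # executable the value points at
    writer: str      # process that performed the write


def normalize_hive(key: str) -> str:
    """Map the kernel-style \\REGISTRY\\... prefix to the familiar hive names."""
    low = key.lower()
    if low.startswith("\\registry\\machine\\"):
        return "HKLM" + key[len("\\registry\\machine"):]
    if low.startswith("\\registry\\user\\"):
        return "HKU" + key[len("\\registry\\user"):]
    return key


def is_autorun_key(key: str) -> bool:
    return key.lower().endswith(AUTORUN_SUFFIXES)


def target_path(data: str) -> Optional[str]:
    """Extract the executable path from the value data (the report doubles backslashes)."""
    m = TARGET_RE.match(data.replace("\\\\", "\\"))
    return m.group(1) if m else None


def is_trusted_path(path: str) -> bool:
    return path.lower().startswith(TRUSTED_DIRS)


def find_suspicious_autoruns(events: str) -> List[Finding]:
    """Return autorun writes whose target is outside TRUSTED_DIRS, in input order."""
    findings: List[Finding] = []
    for line in events.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m or not is_autorun_key(m["key"]):
            continue
        target = target_path(m["data"])
        if target is None or is_trusted_path(target):
            continue
        findings.append(Finding(normalize_hive(m["key"]), m["name"], target, m["proc"]))
    return findings


if __name__ == "__main__":
    for f in find_suspicious_autoruns(SAMPLE_EVENTS):
        print(f"{f.writer} -> {f.key}\\{f.value_name} = {f.target}")
```

Run against the constructed events it reports the two writes from the sample (Run and RunOnce, both value name Parametr) and passes the OneDrive entry, because its target sits under C:\Program Files. A path allow-list is deliberately coarse: an attacker who drops into C:\Windows\Temp would pass it, so in practice pair the location check with the dropped-file hashes from the report.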
Processes
1. C:\Users\Admin\AppData\Local\Temp\bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe"
   PID: 876
   - Adds Run key to start application
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory
   2. (child of PID 876) C:\UserDotT1\xbodloc.exe
      Command line: C:\UserDotT1\xbodloc.exe
      PID: 4352
      - Executes dropped EXE
      - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
Artifact 1
  Filesize: 2.7MB
  MD5: 19d08c30e2ceb5308722bd60bf121523
  SHA1: 0143b6465eece8b58287fbff7c71ece1919c6465
  SHA256: ef47b332ab42da0fea4c627752a8c2f92cca0d2808fec9835fa1d24a48fc23b9
  SHA512: 6beb32902668c1be7469f6a77b0d6bd1ba778293e582c5f8d8b51ddd23607a19431aede6e886d58758e6a11ff1ea431f67bfd37463cdef96a06acf647a1d2c0d
Artifact 2
  Filesize: 2.7MB
  MD5: 5718b04058c25256519689326fe4ff40
  SHA1: 4439a14a241cfb4914ccc9e90f8d8cc87fe0e5a8
  SHA256: 2bc71e7f2c13d0374cff21c069e7df26241c6fd6efce40adeb4f2b81ae5215b6
  SHA512: 4f14a23d584e31a3653735a04135b85f58de02ac643e607044c7be607d21334871da6dae519934cc344488b4a83315b274c73ac34d95dc678b7cbb23022c1518
Artifact 3
  Filesize: 207B
  MD5: 449047f4b6120566869e47cd9e955972
  SHA1: c683022816bc82cde1db4520cbf58a98fde0380c
  SHA256: 6cae1b8a9dda71ed50145b03572c4421cada50fd8e4eaf7598d8bb9f3f47ab69
  SHA512: 83ab1a09b6f7f938293caef59f8ce2b9014da52868a85cc7518b2d8b1d53698ff1a37ef978af22518d55c5f148c02dbfabd7e8b1c6282be1e32bfe208ab1dfb0
The report does not give file paths for these artifacts. Note that the two 2.7MB artifacts match the submitted sample's size but not its MD5/SHA1/SHA256, so the files written during the run are not byte-identical copies of the original; when hunting for this sample on hosts, match on all three hash sets rather than the submitted file's hashes alone.